oss-sec mailing list archives
[CVE-2019-0234] Reflected Cross-site Scripting (XSS) Vulnerability in Apache Roller
From: Dave <snoopdave () gmail com>
Date: Thu, 11 Jul 2019 18:14:30 -0400
Severity: Important

Vendor: The Apache Software Foundation

Versions affected: Roller 5.2, 5.2.1, 5.2.2. The unsupported pre-Roller 5.1 versions may also be affected.

Description: Roller's Math Comment Authenticator did not properly sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS).

Mitigation: The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3.

Credit: This issue was discovered and reported by Muthukumar Marikani